The number of security alerts and issues is growing exponentially. IP brought some, mobile added more, the cloud is causing all types of extra alerts and IoT is probably going to send it through the roof. At Nokia, we often talk about the disappearing perimeter. Traditionally, security was about building a fence and trusting that fence to make you feel secure, but you never actually check to see if someone has cut a hole in that fence and is moving around within your perimeter. That’s why it’s becoming key to move beyond your perimeter defences, while keeping them intact, and start doing analytics on breaches that have occured.
Most of our customers already assume that they are going to be breached, but what will separate them is how quickly they can respond to those breaches. If and when it happens, they want to be able to say that they responded and were back up in a matter of hours as opposed to a matter of weeks.
The reality today is that the number of security incidents is now so high, that only 30% of incidents get investigated. Of that, 70% are false positives. As a result, 54% of incidents that should get investigated don’t, and the people working on that spend 54% of their time trying to do detections.
We also know there’s a lack of skilled security experts out there. So, how do you make these limited resources more effective? And how do you automate responses as quickly as possible so you can close those breaches or discover them earlier?
Globally, we are seeing the convergence of telecoms and IT take shape and legacy telecom networks are becoming more like IT infrastructure. Elements such as network function virtualisation (NFV), which basically means taking dedicated telecom equipment and running it on open platforms and cloud, is becoming a reality. This poses its own challenges, as all the issues traditionally experienced in an IT network are now moving across to the telecom environment. Likewise, the two networks are starting to connect all over the place, adding complexity as we move forward.
That brings us to the Internet of Things (IoT), introducing a new level complexity and potential forsecurity breach. International Data Corporation predicts that by 2025 there will be 80 billion connected devices. IoT represents a wealth of opportunities to roll out new services to customers. In fact it’s remarkably easy to build an IoT device on things like Raspberry Pi and other similar solutions, but there’s no network security built into them and they are easy to hack In other words, that simply increases the attack surface.
It’s no surprise therefore, that security is one of the biggest challenges to IoT adoption. IoT introduces different endpoints, risks and practices. Organisations must also understand that it also involves multivectors, so you have multiple things going on to signal an attack. This is particularly challenging for operators, who have silos housing different pieces of data. Silos will need to come down in order to merge data to get insight into some of the lateral movement that takes place once you’ve been penetrated.
Organisations must prioritise monitoring and tracking to ensure their IoT devices are performing their intended function, whether they are doing anything else and whether they have any other impact on the network that isn’t readily observed through traffic patterns. At Nokia, for example, we combine things like monitoring the traffic in the network, correlate that against a baseline of what the device is supposed to do and then look for any anomalous traffic falling outside the norm as this generally signals that an IoT device has been compromised. With close monitoring, you are then in a position to act either by blocking the device or reconfiguring it, to restore it to its previous state.
New Security for IoT webinar
Further reading in Wireless Week: Here’s how security analytics can help combat advanced IoT threats
Share your thoughts on this topic by replying below – or join the Twitter discussion with @nokianetworks using #security #IoT